Earlier this week, we were noticed that an USSD vulnerability was discovered in Android. After doing a bit of research, we came to understand the nature of the vulnerability: intents can basically dial a number and start a call without asking confirmation to the user. That could seem harmless at first sight, but it turns out it also works with USSD codes, and some of them are very powerful. This is mostly the case of vendor-specific USSD codes (that are not included in Replicant), which could erase the phone’s user data.
What’s also problematic about this is that web pages can trigger such intents (through an iframe with the
tel: prefix for instance).
Since this vulnerability was present in our Replicant images (although the damage was reduced as we don’t include vendor-specific USSD codes), we decided to include the fix in our code base and release new images. That’s nearly the only new feature of these images (Galaxy S also got a nasty graphic bug fixed).
You can download the images from the ReplicantImages page and find installation instructions as well as build guides on the Replicant wiki.
Even though we didn’t update the homepage for a long time, we are still actively working!
Lately, a big part of the work was focused on adding support for the upcoming Goldelico GTA04. We strongly encourage the use of the GTA04 since it features nearly-zero known freedom issues (the only exception being that the WiFi chip needs a loaded firmware). Porting Replicant to the GTA04 helps making the device more usable for everyone, thanks to the Android user experience.
Not so much changes were added for other devices, though Samsung devices now have stable data (3G/GPRS, etc). We are also working to reach a state of completeness on these devices. On the other hand, we are also starting the port to Replicant 4.0, based on CyanogenMod 9, introducing newly-supported devices such as the Galaxy S2 and the Galaxy Nexus.
Regarding the new Replicant 2.3 0004 images, you can download them from the ReplicantImages page, find installation instructions as well as build guides on the Replicant wiki.